Capture the Flag Walkthrough – DC-1

Introduction

In this Capture the Flag walkthrough, you will be shown how to gain root access to a virtual machine designed as a Capture the Flag (CTF) exercise. The credit for making this VM machine goes to “DCAU.” This CTF is another boot2root challenge that aims to get root access to complete the challenge. These walk-throughs are designed so students can learn by emulating the technical guidelines for conducting a real-world pentest using as few automated tools as possible.

In Capture the Flag (CTF), “flags” are secrets hidden in purposefully vulnerable programs or websites. Competitors steal flags from other competitors (attack/defense-style CTFs) or the organizers. Several variations exist, including hiding flags in hardware devices.

Security CTFs are usually designed as educational exercises to give participants experience in securing a machine and conducting and reacting to attacks in the real world (e.g., bug bounty programs in professional settings). Classic activities include reverse engineering, network sniffing, protocol analysis, system administration, programming, cryptoanalysis, and writing exploits.

Hardware Requirements

• Installation of VirtualBox
• One virtual install of Kali Linux
• One virtual install of the Basic Pentesting OVA file.
• Ensure the network adapter for both machines is set to either bridged or NAT.
• This VM will not boot until you enter the settings and disable the USB controller.

Why take this Course?

If you’ve taken the ethical hacking courses, you’ve been introduced to the tools and the methodology used by pentesters and ethical hackers.  Prof. K’s Ethical Hacking – Capture the Flag Walkthrough series brings it all together, showing students how to perform an actual pentest and gain root access. More importantly, students learn how to build the hacker’s methodology into their mindset.

Prof. K’s Ethical Hacking – Capture the Flag Walkthrough series is designed to introduce students to skills similar to what pentesters and hackers use in real-life situations. In addition, this course will provide a greater understanding of how vulnerabilities are discovered and exploited.

Although all hackers use no specific step-by-step methodology, a typical hacking process comprises the following steps:

1. Footprinting – the passive method of gaining information about the target system before performing the attack.
2. Scanning – the process of taking information obtained from the footprinting phase to target the attack more precisely. Some methods used in this phase are port scans, ping sweeps, operating systems detection, observation of facilities used by the target, etc.
3. Enumeration – the process of extracting more detailed information about the information obtained during the scanning phase to determine its usefulness. Some methods used in this step are user accounts enumeration, SNMP enumeration, UNIX/Linux enumeration, LDAP enumeration, NTP enumeration, SMTP enumeration, DNS enumeration, etc.
4. System hacking is planning and executing the attack based on the information obtained in the previous phases. In this phase, the attacker performs the hacking process using hacking tools.
5. Escalation of privilege – obtaining privileges granted to higher privileged accounts than the attacker broke into initially. This step aims to move from a low-level account (such as a guest account) to an administrator.
6. Covering tracks – the process of removing any evidence of the attacker’s presence in a system. For example, the attacker purges log files and removes other evidence the system owner needs to determine that an attack occurred.
7. Planting backdoors – securing unauthorized remote access to a computer so the attacker can access the system later without being detected. Backdoors are computer programs that give attackers remote access to a targeted computer system. Entry-level Walkthroughs for Capture the Flag exercises that will help strengthen your pentesting skills.

Students step through each of the Capture the Flags (CTF) walkthroughs using a step-by-step lab file and video tutorial. Students follow the steps taken by a pentester or ethical hacker to enumerate a target and gain root access. Additionally, each CTF reinforces the steps of the hacking methodology used by pentesters and hackers.

Students who have completed Prof. K’s  Ethical Hacking Courses can now practice what they have learned in Prof. K’s Ethical Hacking – Capture the Flag Walkthrough series of exercises. You’ve seen the tools and heard all the war stories. Now, learn ethical hacking as you’ve always wanted to.